I love passive tools, what I like to think of as the "M" in NSM.
I recently posted about PADS. Sguil also uses p0f for operating system fingerprinting, and sancp for session-logging.
Even the IDS and packet-logging components of Sguil are passive. There are plenty of other good passive tools available.
You can learn a lot just by listening.
You can also run Snort inline and active, which goes a little beyond monitoring, for better or worse.
21 March, 2008
Passive Tools